Sometimes overlooked in the great cybersecurity battle is the role of the Secret Service. Drawing on its heritage of stopping currency counterfeiting, the Secret Service investigates cyber enabled financial crimes of all sorts. Now it has the help of an outside group called the Cyber Investigations Advisory Board. Deputy assistant director of the Secret Service’s Office of Investigations Jeremy Sheridan had more details on Federal Drive with Tom Temin.
Insight by CyberArk: Learn how the CDC is using the least-privilege model to limit how much damage hackers can do in federal networks in this free webinar.
Tom Temin: Mr. Sheridan, good to have you on.
Jeremy Sheridan: Thank you, sir. Great to be here and thanks for having me.
Tom Temin: So review for us what the Secret Service does do with respect to investigations of financial crime. Just give us the overview, here.
Jeremy Sheridan: Absolutely. We are certainly prominently known for our protective mission, but the agency was actually started, the inception was to combat counterfeiting in the United States back in 1865. So at our core, we are an investigative agency that our roots are deeply founded in financial investigations. And as one of the original investigative law enforcement agencies, we’ve conducted criminal investigations to protect the American public, companies, financial institutions and critical infrastructure. Since the time of our inception, even as early as the 1970s, we were getting into more of a modern investigative role. Our investigative mission evolved from primarily counterfeit investigations to combating a growing rise of what we called then electronic crimes, as our financial and payment systems began to incorporate computers and computer networks. Over the decades since we have developed substantial capability and experience in safeguarding the financial and other critical infrastructure sectors from criminal exploitation. And while we’re better known for our protective mission over the past two decades, we have proven highly successful at defending against investigating and apprehending some of the world’s most notorious cyber criminals.
Tom Temin: Sure, and I imagine just as an aside, counterfeiting is not much of a problem relative to what it used to be because of how sophisticated the printing of currency has become correct.
Jeremy Sheridan: That’s true, the security features in paper currency that we see today really are getting much more substantial and making counterfeiting a much harder crime to commit. Certainly domestically – it is a bigger problem internationally and overseas where the victims and those who are accepting counterfeit currency aren’t as familiar with those security features. But that’s not to say we have abandoned our roots and aren’t engaging in the counterfeit mission, we certainly still do that. But we are getting more and more involved in the complex cyber enabled fraud as society modernizes.
Tom Temin: And of course, in the latter day the Secret Service moved over to being part of Homeland Security. But I imagine in this financial crimes and cyber financial area, you must still work pretty closely with Treasury.
Jeremy Sheridan: Absolutely. We have great partnerships across all of government, with the counterfeiting currency being a core mission. We work, of course, as you said, closely with the Department of Treasury, but we are also partnering heavily within our own agency with Homeland Security Investigations with internal revenues criminal investigation section and our partnerships with the FBI remain very strong as we engage more and more in the cyber realm.
Tom Temin: Alright, let’s get into this new cyber investigations advisory board, which is something that is going to be working along with Secret Service. What is it and what do you hope to get from it?
Jeremy Sheridan: So the board really came about from a idea of the board’s executive director, one of our senior advisors, Jonah Hill, and the intent was to provide outside strategic direction to the Secret Service’s investigative mission. We’re looking to leverage expertise in all facets, all verticals of society, private sector, academia, other government agencies to identify trends in cybercrime, technology, law and policy, and a host of other disciplines, and leverage that knowledge base to provide us within the agency expert guidance, as we look to modernize into better ways to do training – stronger partnerships, deeper investigative priorities related to the cyber mission.
Tom Temin: We’re speaking with Jeremy Sheridan. He’s deputy assistant director of the Office of Investigations at the Secret Service. And who will be on this advisory board and how will they get on to it?
Jeremy Sheridan: So we don’t list the individual members of the board out of respect to them. We don’t want to provide that publicly. We do encourage them to have public statements related to their involvement, but we like to defer to them in terms of how vocal they want to be about that. But we have representatives from a variety of different entities within, as I said private sector, government, academia – all different walks of life who can provide us expertise into how we can do our investigations better. In terms of how they come on the board, they’re appointed by the Secretary of Homeland Security through director approval here within the agency, and they serve in a minimum of two up to three-year commitment to the board, meeting a couple times of year in order to help us guide our investigative mission and provide their outside strategic direction to us as we go through our investigative priorities.
Tom Temin: And what are some of the areas of expertise you feel could use regular advice or shoring up, for example, how to investigate the dark web might be something I would think of?
Jeremy Sheridan: Yeah, absolutely. So we look at this from really a broad lens to start, I mean, we look at the risks that we’re facing in the cyber realm in terms of the growing threat, the increased level of specialization of technical competence of our adversary. And we’re faced with a lot of uncertainty about responsibilities related to protecting the financial system in terms of – I relate it to, and it’s a gross oversimplification, I get it – but when I was in uniform as a police officer, there was a proactive role. There was a visible presence, there was a community policing element. We don’t really have that ability in the cyber realm to be that visible, that engaged and have that level of interface with different victims or potential victims of cybercrime. So we’re looking to shore up the responsibilities about how to protect the financial system, and we’re also dealing with the digitization of society as a whole. Financial service firms are becoming certainly more technologically advanced. And these tech companies are becoming financial service firms in their own right. So what we’re trying to do is reimagine the Secret Service’s investigative mission in those different elements, as you said, whether it’s the deep web, the dark web, ransomware, business, email, compromises, all forms of phishing, smishing, vishing, every type of victimization that occurs out there, and to modernize our investigative focus, expand our partnerships, rethink how we’re training, recruiting and retaining cyber talent and go into new approaches of things that perhaps we aren’t looking at, whether it’s cryptocurrency, asset forfeiture or money laundering.
Tom Temin: So it really sounds like a human capital issue that you have with this advisory board that can help solve it more so than a technological one.
Jeremy Sheridan: Well, I would say it’s – that’s the challenge, it’s all of them. Certainly human capital is a significant part of it. There’s also a infrastructure part in terms of what we have with our physical resources, our technology, our hardware, if you will, in order to defend, identify, protect, combat, prosecute the adversary. It’s also a data management piece, how are we analyzing the data? What data are we analyzing? And how are we bringing that data to life across these different verticals within government outside of government, in order to have these conversations, these exchanges, and this interplay so that we can be the most effective, investigative and prosecuting agency out there to bring value to the members on the board, and subsequently to their respective organizations and the American public as a whole?
Tom Temin: I imagine the financial industry itself, including, say, the big credit card networks, and maybe some of the big giant banks, or maybe some small banks, probably have a lot of knowledge because they live with these kinds of attacks daily.
Jeremy Sheridan: Absolutely, sir. That’s a great observation and a great question. We are only as effective as the information we receive and the partnerships we’re able to form. And I think you see that playing out in real time in this current environment related to COVID. And the opportunities for fraud that exist related to the support and assistance programs that have been implemented related to COVID. Whether it’s the CARES Act, the Paycheck Protection Program, the EIDL – the Economic Injury Disaster Loan Program – that infused so much cash and resources into the financial sector at such a high volume and such a high rate of speed that it created a great number of opportunities for fraud, and false applications and incorrect disbursements related to these funds. But the way we were able to identify those, way we’re able to interject and intercede and prevent even more fraud from occurring was a result of these partnerships as you indicated. With Small Business Administration with the individual banks, both large and small, with other government agencies, we’re able to exchange the information, see the indicators of fraud, the attack vectors, where the fraud was occurring, who was committing it, and partner together across all of those different entities in order to really be a more effective investigating and prosecuting force.
Tom Temin: And of course, you’ve got federal partners that are also pretty big financial entities in themselves. I’m thinking for example of CMS which distributes a trillion dollars a year through Medicare and Medicaid payments, Social Security, and for that matter, a place like the Education Department, which has, I don’t know a couple of trillion dollars under stewardship in the student loan portfolio.
Jeremy Sheridan: Yes, absolutely. I mean, the Secret Service is built on partnerships. That’s the way we started back in 1865 with counterfeiting. We weren’t successful at our counterfeit mission without establishing relationships of victims receiving counterfeit. And that continues today. Our partnerships with every element of government and private sector, whether it’s state, local, federal, tribal, or territorial, it is imperative for us to be successful. And as you indicate those entities that have the high volume, the most prominent roles in these payment distributions are really where we make the most headway and have the most success, and are able to actually help them defend better help them be better prepared against the adversary through the communications that we’re providing. We’ve stood up our global investigative Operations Center here at the Secret Service that has been instrumental in a lot of the CARES Act, fraud prevention, because of their communication to these entities, about the indicators of fraud things to look for specific type of technical recommendations in order to prevent further fraud from occurring.
Tom Temin: And with this board meeting at some regular intervals with agency leadership, how will the learnings get transmitted down to the agents on the street so to speak?
Jeremy Sheridan: Yeah, that’s a great question. We’re looking at the strategic level right now, in terms of what we can do better operationally, in a lot of different disciplines, whether it’s trends in cybercrime, technology, law and policy. And that expert guidance will help us form what we do on those – in those categories you identified in terms of staffing, where do we need to put more resources in human capital elements? Where do we need to put more resources in physical assets? Where do we need to put more resources and infrastructure as well as how we’re doing it? Not only what we’re doing it with, but how we’re doing it related to the data? Is the data we’re collecting the right data? Is the data we’re analyzing the right data? Are we analyzing in the right way. And the results of those analytics, is that information being given to individual investigators and analysts and agents in a way that allows them to be successful in prosecution. So it does eventually translate down into the operational teams who are executing the mission. But we’re starting at that top strategic level to help us form and sharpen and strengthen the way we do that to make us more effective.
Tom Temin: Jeremy Sheridan is deputy assistant director of the Office of Investigations at the Secret Service. Thanks so much for joining me.
Jeremy Sheridan: Thank you, sir. Appreciate your time.
Tom Temin: We’ll post this interview together with a link to more information at www.FederalNewsnetwork.com/FederalDrive. Hear the Federal Drive on demand and on your device. Subscribe at Apple Podcasts or Podcastone.